Malicious HTTP traffic detection system and method based on deep learning
A traffic detection and deep learning technology, applied in the field of information security, can solve the problems of network traffic data label noise, neglect, non-stationarity difficulties, etc., to reduce negative effects, enhance DCN, and improve interpretability.
Active Publication Date: 2020-03-24
SHANGHAI JIAO TONG UNIV
View PDF8 Cites 10 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
(2) Automatic learning methods: Compared with URLs, network traffic data also suffer from unavoidable difficulties of label noise and non-stationarity, making the self-learning function vulnerable to labels
Second, for existing self-learning functions, even for most manually designed functions, only focus on single field or multi-field content, the underlying triggering relationship between fields (such as the relationship between URL and reference, version and method) not taken seriously
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0055] The following describes several preferred embodiments of the present invention with reference to the accompanying drawings to make the technical content clearer and easier to understand. The present invention can be embodied in many different forms of embodiments, and the protection scope of the present invention is not limited to the embodiments mentioned herein.
[0056] In the drawings, components with the same structure are denoted by the same numerals, and components with similar structures or functions are denoted by similar numerals. The size and thickness of each component shown in the drawings are shown arbitrarily, and the present invention does not limit the size and thickness of each component. In order to make the illustration clearer, the thickness of parts is appropriately exaggerated in some places in the drawings.
[0057] Such as figure 1 Shown is a system structure diagram of a deep learning-based malicious HTTP traffic detection system in a preferr...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a malicious HTTP (Hyper Text Transport Protocol) traffic detection system and method based on deep learning, and relates to the technical field of information security, the malicious HTTP traffic detection system comprises a domain segmentation module, an active label correction module and a multi-domain feature extraction module, and the domain segmentation module segmentsdifferent types of fields into a unified format with a specific method for domain segmentation; an active label correction algorithm of the active label correction module is used for correcting the label and storing the corrected label into a database; the multi-domain feature extraction module is used for mining a deep relationship between different types of domains in the HTTP protocol; training and learning are carried out through data obtained by the active label correction module; through the implementation of the scheme, the problem of how to describe the HTTP traffic by utilizing fieldinteraction and selecting effective fields is solved, the negative influence of invalid information is reduced, the most important field is highlighted, and meanwhile, the interpretability of the framework is also improved.
Description
technical field [0001] The present invention relates to the technical field of information security, in particular to a system and method for detecting malicious HTTP traffic based on deep learning. Background technique [0002] Hypertext Transfer Protocol (HTTP) is the primary protocol for implementing desktop and mobile websites and applications. Due to the popularity and wide application of HTTP, which makes it easier for attackers to hide in a large amount of HTTP traffic, it has become the main medium of illegal activities. [0003] Existing malicious HTTP traffic detection methods can be broadly classified into two categories according to how features are designed: (1) Manually designed methods: detect anomalies using statistics-based multi-domain correlation feature sets. To exploit structural information, Rafiqu designs a message tree to generate signatures from malicious traffic only by a cluster-based approach. Richard passively generates fingerprints extracted f...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08G06N3/08
CPCG06N3/08H04L63/1416H04L67/02
Inventor 邹福泰张成伟吴越
Owner SHANGHAI JIAO TONG UNIV